Microsoft Compares Malware Infection Rates, Socio-Economic Factors

Countries with the lowest malware infection rates generally had more personal computers per capita, spent more on healthcare per capita, had greater regime stability, and higher broadband penetration, Microsoft said in a special edition of the Security Intelligence Report.

Countries with the lowest malware infection rates generally had more personal computers, spent more on healthcare, had greater regime stability, and higher broadband penetration, Microsoft found in a new report.

In contrast, countries with high malware infection rates typically had low broadband speeds, lagged in broadband penetration, and high crime per capita, Microsoft found in the special edition of the Security Intelligence Report, released Feb. 6. Countries with cyber-security regulations and policies fared better security-wise than countries who have yet to implement robust programs, suggesting that treaties and codes of conduct helped countries be more prepared and better informed about the latest threats.

In the report, Trustworthy Computing's Global Security Strategy and Diplomacy team examined 34 socio-economic factors such as gross income, computers per capita, literacy rates, mobile penetration, political and economic stability within the region, and Facebook usage, among others, and compared them against malware infection rates for 105 countries.

Best vs Poor PerformersThe best performing countries had an infection rate of 5 infected machines per 1,000 systems scanned, much lower than the worldwide average of 8.9 infected machines per 1,000 systems, according to the SIR. Of the countries with lower infection rates, 43 percent were located in Western Europe, 29 percent in Central and Eastern Europe, and 17 percent in Asia Pacific.

In contrast, the poorer performing countries had an infection rate of 18 infected machines per 1,000 scanned systems, Microsoft found. The bulk of the countries with high infection rates were concentrated in the Middle East and Africa, with 52 percent, followed by 21 percent in Asia Pacific, and 10 percent in Latin America.

The infection rate was calculated from statistics collected from the Microsoft Malicious Software Removal Tool, which runs on more than 600 million systems around the world, the company said.

Countries with lower rates of malware infections also had lower levels of software piracy. "Poorer performing" countries in Africa and Middle East had piracy rates of 68 percent, which is a significantly higher rate than the 42 percent observed in the "better performing" countries in Western Europe and in the United States, Microsoft found. Half of the countries with lower piracy rates had signed a cyber-security treaty or a voluntary code, compared to 10 percent of the countries his higher piracy rates.

In parts of Africa, Asia, and the Middle East, peer-to-peer file trading sites promising free or cut-rate software are responsible for a high number of infections, Microsoft said. "This is unsurprising, as pirated software poses a serious security risk to its users," researchers wrote in the SIR.

While there may not be a direct relationship between the infection rate and online piracy, Microsoft said there were potential benefits to protecting intellectual property.

Regulations Have an ImpactCountries with lower infection rates had a few things in common. For example half of the better-performing countries had signed cyber-security-related treaties and implemented regulations, Microsoft said. European countries who had signed on to the Council of Europe Convention on Cybercrime or were members of the London Action Plan generally had better results than non-members, according to the SIR.

The Council of European Convention on Cybercrime created regional policy parameters and provided legal authority to investigate and prosecute cyber-criminals.

Having an acknowledged military cyber-strategy, on the other hand, was not a strong indicator of the country's overall security, Microsoft found. While 51 percent of countries who performed better than average had a formal strategy, so did 21 percent of the low-performing countries, according to the report.

While these specific policy actions "are critical steps" for policymakers to consider, the manner of how these policies were created and adopted, such as international partnerships and joint public-and-private efforts, are also important to consider while drafting future cyber-security policies, researchers concluded.

"For policymakers seeking ways to improve national cybersecurity, these policies represent activities that are likely to have a meaningful and measurable impact," researchers wrote.

Fahmida Y. Rashid is a senior analyst for business at PCMag.com. She focuses on ways businesses can use technology to work efficiently and easily. She is paranoid about security and privacy, and considers security implications when evaluating business technology. She has written for eWEEK, Dark Reading, and SecurityWeek covering security, core Internet infrastructure, and open source.
Follow me on Twitter: zdfyrashid
More »